Cyber security has become an increasingly important topic not only for individuals but for companies as well. I guess that’s why the cyber security session at RIMS 2011 was one of the most popular of the day, with seats filled and attendees lining the walls.
“Cyber Security: Covering Your Assets” featured a panel of industry experts, including Mark Greisiger, president of NetDiligence; Robert Parisi, senior vice president of Marsh; Richard Billson of Zurich North America Commercial; and Victoria Telford, director of global insurance and risk management for Hanesbrands.
Billson called for more stringent cyber security actions, noting that “$3 trillion daily moves over network connections.”
Greisiger referenced a shocking 2010 forensics study from Verizon Security Consultants, which claims:
- 70% resulting from external bad actors (hackers, malware)
- 48% caused by insiders, with a large part of this (90%) deliberate
- 61% of data breaches discovered by third parties, NOT by the company itself
- 96% of incidents were avoidable with simple controls
As for top perils, Greisiger noted the following:
- Hacking (SQL injection)
- Laptop loss
- Backup tape loss
- Staff mistakes (“probably 50% of the losses we see” according to Greisiger)
- DDoS attacks (denial of service)
- Business partner mishaps and breach
Why the problem of data breaches? Greisiger states:
- Most businesses collect more information than necessary, and that data is often stored for too long (California laws are trying to do away with retailers asking for zip codes – they do reverse identification and bombard customers with marketing)
- Websites are very porous and need constant care
- IDS (intrusion detection software) is very weak
Greisiger concluded with a strong message, stating that with data loss and cyber security threats, “it’s not if but when it happens. It may have already happened to your company.”
Scary thought indeed.